DEPLOYMENTS

RESEARCH AND DEVELOPMENT

With the arrival of Sébastien (Larinier) and Thomas Chopitea, we will develop the following projects:
- Open Source Intelligence. Sébastien is the core developer of the OSINT Framework. OSINT Framework is a set of tools designed to automate and simplify the gathering and storage of intelligence collected from open sources. (https://github.com/sebdraven/OSINT)

- Visualization. Thomas is the core developer of Malcom. Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic. This comes in handy when analyzing how certain malware species try to communicate with the outside world. (https://github.com/tomchop/malcom).

Sébastien (Tricaud) also enhanced Faup. Faup can be downloaded from its GitHub page (http://www.github.com/stricaud/faup). It is a simple, stupid URL parser. Recent changes added Lua modules to script Faup's input and output. This makes it possible to emulate the behavior of various browsers on top of URLs and also to save any URL Faup has to deal with.

- Exploit Kits Krawler (Sébastien Larinier & Guillaume Arcas) - Exploit Krawler is a framework that will make it possible to grab the tools from miscellaneous exploit kits (Java applets, PDF...) in order to make their analysis easier at a large scale. Exploit Krawler is based on a cluster of Selenium-instrumented browsers and HoneyProxy proxies.

FINDINGS

No particular findings yet. The year 2013 was mainly marked by the arrival and integration of new members, as well as new projects.
We are expecting more results for 2014.

GOALS

We planned to deploy some CIF (Collaborative Intelligence Framework) instances last year. After some testing, it appeared that CIF was not as easy and simple to use as expected.
As Malcom was partially designed to collect and store the very same kind of information as CIF, we first had Thomas Chopitea join the French Chapter, then decided to move to his tools to build our yet-to-come threat intelligence depository, which will just provide the same information sharing capabilities as CIF (but with bubbles…).

For 2014 we plan:
- To enhance Malcom (candidate for GSoC 2014)
- To find a way to make it hpfriendly (for example: able to get data from hpfeeds and share data through the same channel).

MISC

Sébastien Tricaud is stepping down as co-lead and Guillaume becomes the French chapter leader. Guillaume Arcas is happy and proud to accept this handover and will do his best to be responsible and trustworthy in this task.